Código HTML do Conteúdo

Post: Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs - Against Invaders - Notícias de CyberSecurity para humanos.

<div> <div> <p>Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms.</p> <p>XCSSET is a modular macOS malware that acts as an infostealer and cryptocurrency stealer, stealing Notes, cryptocurrency wallets, and browser data from infected devices. The malware spreads by searching for and infecting other Xcode projects found on the device, so that the malware is executed when the project is built.</p> <p>&ldquo;The XCSSET malware is designed to infect Xcode projects, typically used by software developers, andrun while an Xcode project is being built,&rdquo; explains Microsoft.</p> <p>&ldquo;We assess that this mode of infection and propagation banks on project files being shared among developers building Apple or macOS-related applications.&rdquo;</p> <p>In a new variant observed by Microsoft, researchers have noted several changes.</p> <p>It now attempts to steal Firefox browser data by installing a modified build of the open-source<a href="https://github.com/moonD4rk/HackBrowserData/tree/main" rel="nofollow noopener" target="_blank">HackBrowserData</a> tool, which is used todecryptand exportbrowser data from browser data stores.</p> <p>The new variant also includes a clipboard-hijacking component update that monitors the macOS clipboard for regular expression patterns associated with cryptocurrency addresses.</p> <p>When a crypto address is detected, it will replace the address with one belonging to the attacker. This causes any cryptocurrency sent by the user on an infected device to be sent to the attackers instead.</p> <div> <p><img decoding="async" alt="Attacker's cryptocurrency addresses used with the Clipboard hijacker" height="600" src="https://datalake.azaeo.com/wp-content/uploads/2025/09/crypto-address-xcsset.jpg" width="1060 /&gt;&lt;/div&gt; &lt;p&gt;The malware also includes new persistence methods, such as creating LaunchDaemon entries that execute a ~/.root payload and create a fake System Settings.app in /tmp to masquerade its activity.&lt;/p&gt; &lt;p&gt;The new variant is not yet widespread, and Microsoft reports that it has only observed it in limited attacks. The researchers have also shared their findings with Apple and are working with GitHub to remove associatedrepositories.&lt;/p&gt; &lt;p&gt;To protect against this type of malware, it is recommended to keep macOS and apps up to date, especially considering XCSSET has previously exploited vulnerabilities, &lt;a href=">including zero-days.</p> <p>Microsoft also recommends that developers always inspect Xcode projects before building them, especially when they have been shared with you by others.</p> <p><a href="https://hubs.li/Q03B5Kw_0" rel="noopener sponsored" target="_blank"><br /> <img decoding="async" alt="Picus Blue Report 2025" src="https://datalake.azaeo.com/wp-content/uploads/2025/08/blue-report-2025.jpg"><br /> </a> </p> </div> </div></div>